Merge remote-tracking branch 'ni/master'

This commit is contained in:
lassulus 2016-11-25 00:19:17 +01:00
commit 8014aa6594
15 changed files with 81 additions and 36 deletions

View File

@ -78,7 +78,9 @@ with import <stockholm/lib>;
extraZones = {
# TODO generate krebsco.de zone from nets and don't use extraZones at all
"krebsco.de" = ''
krebsco.de. 60 IN MX 5 mx23
cd 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr}
mx23 60 IN A ${config.krebs.hosts.cd.nets.internet.ip4.addr}
'';
};
nets = {
@ -213,7 +215,6 @@ with import <stockholm/lib>;
ni = {
extraZones = {
"krebsco.de" = ''
krebsco.de. 60 IN MX 5 ni
ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
cgit 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
cgit.ni 60 IN A ${config.krebs.hosts.ni.nets.internet.ip4.addr}
@ -351,11 +352,17 @@ with import <stockholm/lib>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcJvu8JDVzObLUtlAQg9qVugthKSfitwCljuJ5liyHa";
};
xu = {
binary-cache = {
pubkey = "xu-1:pYRENvaxZqGeImwLA9qHmRwHV4jfKaYx4u1VcZ31x0s=";
};
cores = 4;
nets = {
gg23 = {
ip4.addr = "10.23.1.38";
aliases = ["xu.gg23"];
aliases = [
"cache.xu.gg23"
"xu.gg23"
];
ssh.port = 11423;
};
retiolum = {

View File

@ -37,7 +37,17 @@ rec {
};
};
writeBash = makeScriptWriter "${pkgs.bash}/bin/bash";
writeBash = name: text:
assert (with types; either absolute-pathname filename).check name;
pkgs.writeOut (baseNameOf name) {
${optionalString (types.absolute-pathname.check name) name} = {
check = pkgs.writeDash "shellcheck.sh" ''
${pkgs.haskellPackages.ShellCheck}/bin/shellcheck "$1" || :
'';
executable = true;
text = "#! ${pkgs.bash}/bin/bash\n${text}";
};
};
writeBashBin = name:
assert types.filename.check name;
@ -91,6 +101,7 @@ rec {
writers.text =
{ path
, check ? null
, executable ? false
, mode ? if executable then "0755" else "0644"
, text
@ -102,6 +113,9 @@ rec {
var = "file_${hashString "sha1" path}";
val = text;
install = /* sh */ ''
${optionalString (check != null) /* sh */ ''
${check} ''$${var}Path
''}
${pkgs.coreutils}/bin/install -m ${mode} -D ''$${var}Path $out${path}
'';
};

View File

@ -19,6 +19,7 @@ stdenv.mkDerivation {
git
gnugrep
gnused
nettools
openssh
socat
]);

View File

@ -1,11 +1,11 @@
{ mkDerivation, base, fetchgit, stdenv }:
mkDerivation {
mkDerivation rec {
pname = "blessings";
version = "1.0.0";
version = "1.1.0";
src = fetchgit {
url = http://cgit.ni.krebsco.de/blessings;
rev = "25a510dcb38ea9158e9969d56eb66cb1b860ab5f";
sha256 = "0xg329h1y68ndg4w3m1jp38pkg3gqg7r19q70gqqj4mswb6qcrqc";
rev = "refs/tags/v${version}";
sha256 = "1k908zap3694fcxdk4bb29s54b0lhdh557y10ybjskfwnym7szn1";
};
libraryHaskellDepends = [ base ];
doHaddock = false;

View File

@ -2,6 +2,6 @@
fetchgit {
url = https://github.com/krebscode/painload;
rev = "8df031f810a2776d8c43b03a9793cb49398bd33b";
sha256 = "03md5k6fmz0j1ny22iw96dzq7cvijbz24ii85i0h2dhcychdp650";
rev = "c113487f73713a03b1a139b22bb34b86234d0495";
sha256 = "1irxklnmvm8wsa70ypjahkr8rfqq7357vcy8r0x1sfncs1hy6gr6";
}

View File

@ -15,7 +15,6 @@ with import <stockholm/lib>;
../2configs/nginx/public_html.nix
../2configs/pulse.nix
../2configs/retiolum.nix
../2configs/wu-binary-cache/client.nix
../2configs/xserver
];

View File

@ -16,7 +16,6 @@ with import <stockholm/lib>;
../2configs/nginx/public_html.nix
../2configs/pulse.nix
../2configs/retiolum.nix
../2configs/wu-binary-cache
../2configs/xserver
{
environment.systemPackages = with pkgs; [

View File

@ -15,7 +15,7 @@ with import <stockholm/lib>;
../2configs/nginx/public_html.nix
../2configs/pulse.nix
../2configs/retiolum.nix
../2configs/wu-binary-cache/client.nix
../2configs/binary-cache
../2configs/xserver
../2configs/xu-qemu0.nix
{

View File

@ -21,7 +21,6 @@ with import <stockholm/lib>;
../2configs/nginx/public_html.nix
../2configs/pulse.nix
../2configs/retiolum.nix
../2configs/wu-binary-cache/client.nix
../2configs/xserver
{
environment.systemPackages = with pkgs; [

View File

@ -58,6 +58,18 @@ with import <stockholm/lib>;
dst = { host = config.krebs.hosts.xu; path = "/bku/cd-home"; };
startAt = "07:00";
};
xu-pull-ni-ejabberd = {
method = "pull";
src = { host = config.krebs.hosts.ni; path = "/var/ejabberd"; };
dst = { host = config.krebs.hosts.xu; path = "/bku/ni-ejabberd"; };
startAt = "07:00";
};
xu-pull-ni-home = {
method = "pull";
src = { host = config.krebs.hosts.ni; path = "/home"; };
dst = { host = config.krebs.hosts.xu; path = "/bku/ni-home"; };
startAt = "07:00";
};
zu-home-xu = {
method = "push";
src = { host = config.krebs.hosts.zu; path = "/home"; };
@ -76,6 +88,18 @@ with import <stockholm/lib>;
dst = { host = config.krebs.hosts.zu; path = "/bku/cd-home"; };
startAt = "06:30";
};
zu-pull-ni-ejabberd = {
method = "pull";
src = { host = config.krebs.hosts.ni; path = "/var/ejabberd"; };
dst = { host = config.krebs.hosts.zu; path = "/bku/ni-ejabberd"; };
startAt = "06:00";
};
zu-pull-ni-home = {
method = "pull";
src = { host = config.krebs.hosts.ni; path = "/home"; };
dst = { host = config.krebs.hosts.zu; path = "/bku/ni-home"; };
startAt = "06:30";
};
} // mapAttrs (_: recursiveUpdate {
snapshots = {
minutely = { format = "%Y-%m-%dT%H:%M"; retain = 3; };

View File

@ -1,22 +1,30 @@
{ config, lib, pkgs, ... }: with import <stockholm/lib>;
{
services.nix-serve = assert config.krebs.build.host.name == "wu"; {
environment.etc."binary-cache.pubkey".text =
config.krebs.build.host.binary-cache.pubkey;
services.nix-serve = {
enable = true;
secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
secretKeyFile = config.krebs.secret.files.binary-cache-seckey.path;
};
systemd.services.nix-serve = {
requires = ["secret.service"];
after = ["secret.service"];
};
krebs.secret.files.nix-serve-key = {
krebs.secret.files.binary-cache-seckey = {
path = "/run/secret/nix-serve.key";
owner.name = "nix-serve";
source-path = toString <secrets> + "/nix-serve.key";
};
krebs.nginx = {
enable = true;
servers.nix-serve = {
server-names = [ "cache.wu.gg23" ];
server-names = [
"cache.${config.krebs.build.host.name}.gg23"
];
locations = singleton (nameValuePair "/" ''
proxy_pass http://localhost:${toString config.services.nix-serve.port};
'');

View File

@ -14,7 +14,7 @@ with import <stockholm/lib>;
stockholm.file = "/home/tv/stockholm";
nixpkgs.git = {
url = https://github.com/NixOS/nixpkgs;
ref = "a6728e15cbca1d11553f01d7c3c477ae2debfd8e";
ref = "728a9578e31a0f78f6ad07a3a2ec706ec5290f10";
};
} // optionalAttrs host.secure {
secrets-master.file = "/home/tv/secrets/master";

View File

@ -29,8 +29,10 @@ let
cac-api = {
cgit.desc = "CloudAtCost API command line interface";
};
dic = {
cgit.desc = "dict.leo.org command line interface";
};
get = {};
hack = {};
load-env = {};
loldns = {
cgit.desc = "toy DNS server";
@ -40,12 +42,9 @@ let
netcup = {
cgit.desc = "netcup command line interface";
};
newsbot-js = {};
nixpkgs = {};
populate = {
cgit.desc = "source code installer";
};
push = {};
regfish = {};
soundcloud = {
cgit.desc = "SoundCloud command line interface";
@ -53,8 +52,10 @@ let
stockholm = {
cgit.desc = "NixOS configuration";
};
with-tmpdir = {};
} // mapAttrs (_: recursiveUpdate { cgit.section = "2. Haskell libraries"; }) {
} // mapAttrs (_: recursiveUpdate { cgit.section = "2. Host configurations"; }) {
ni = {
};
} // mapAttrs (_: recursiveUpdate { cgit.section = "3. Haskell libraries"; }) {
blessings = {};
mime = {};
quipper = {};
@ -63,12 +64,15 @@ let
web-routes-wai-custom = {};
xintmap = {};
xmonad-stockholm = {};
} // mapAttrs (_: recursiveUpdate { cgit.section = "3. museum"; }) {
} // mapAttrs (_: recursiveUpdate { cgit.section = "4. museum"; }) {
cgserver = {};
crude-mail-setup = {};
dot-xmonad = {};
make-snapshot = {};
nixos-infest = {};
painload = {};
push = {};
with-tmpdir = {};
});
restricted-repos = mapAttrs make-restricted-repo (

View File

@ -1,7 +0,0 @@
_:
{
nix = {
binaryCaches = ["http://cache.wu.gg23"];
binaryCachePublicKeys = ["cache.wu-1:cdhA201O2R2Ect463vhJFmhpMaNyT/tOvzYvtceT9q8="];
};
}

View File

@ -35,9 +35,6 @@ with import <stockholm/lib>;
ff = pkgs.writeDashBin "ff" ''
exec ${pkgs.firefoxWrapper}/bin/firefox "$@"
'';
gnupg =
if elem config.krebs.build.host.name ["xu" "wu"]
then super.gnupg21
else super.gnupg;
gnupg = pkgs.gnupg21;
};
}